Yes - I was meaning "in addition to his original issue", he is also open to SQL injection by not using SQL Parameters.

On Thu, Jun 3, 2010 at 2:45 PM, Stephen Russell <[email protected]> wrote:
> On Thu, Jun 3, 2010 at 3:54 AM, Jamie Fraser <[email protected]> wrote:
>> Don't concatenate SQL like that - you are open to SQL injection
>> attacks. For example, someone could use a JS debugger to modify the
>> values in ddlProjectPlatform so the Selected value was '0 OR 1=1' or
>> similar.
> ------------
>
> I thought that his data was null value and when he put in addition to
> another string he error-ed.
>
>
> --
> Stephen Russell
>
> Sr. Production Systems Programmer
> CIMSgts
>
> 901.246-0159 cell
>
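
The two issues discussed in this thread, side by side, as an added example that is not code from the original poster or from anyone in the thread. It uses Python's sqlite3 as a stand-in for the poster's database; the `projects` table, its columns and the function names are assumptions made for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data; schema and rows are assumptions, not from the thread.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE projects (id INTEGER PRIMARY KEY, name TEXT, platform_id INTEGER)"
    )
    db.executemany(
        "INSERT INTO projects (name, platform_id) VALUES (?, ?)",
        [("alpha", 1), ("beta", 2), ("gamma", 2)],
    )
    return db


def find_concatenated(db, selected_value):
    # "Before" form: the posted dropdown value becomes part of the SQL text.
    # A missing value (None) fails right here on the string concatenation,
    # and a tampered value changes the meaning of the WHERE clause.
    sql = ("SELECT name FROM projects WHERE platform_id = "
           + selected_value + " ORDER BY id")
    return [row[0] for row in db.execute(sql)]


def find_parameterized(db, selected_value):
    # Parameterized form: the SQL text is fixed and the value is bound as data.
    # None is bound as NULL, and a tampered string is compared as a string.
    sql = "SELECT name FROM projects WHERE platform_id = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (selected_value,))]


if __name__ == "__main__":
    db = make_db()
    tampered = "0 OR 1=1"  # the modified Selected value mentioned in the thread
    print("concatenated, normal  :", find_concatenated(db, "2"))
    print("concatenated, tampered:", find_concatenated(db, tampered))
    print("parameterized, normal  :", find_parameterized(db, "2"))
    print("parameterized, tampered:", find_parameterized(db, tampered))
    print("parameterized, missing :", find_parameterized(db, None))
    try:
        find_concatenated(db, None)
    except TypeError as exc:
        print("concatenated, missing  : error ->", exc)
```

The parameterized query addresses both points at once: the missing value no longer raises during string building, and the tampered value no longer matches every row.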
